Menu
I'm trying to create a Chrome extension, but none of my JS works. The console shows this error:
Refused to load the script 'https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:".
Why is it blocking my jQuery from running?
208
To fix the issue you have to add `https://localhost:5000` host-source to the script-src directive. Alternatively you can use syntax 'https://localhost:*' to allow any ports.
To edit the configuration, go to chrome://extensions and click Options under Content Security Policy Override. The text area in the Options automatically saves as you edit.
Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header. Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting.
As explained on the Chome website, there is a Content Security Policy preventing your script to load remote script:
A relaxed policy definition which allows script resources to be loaded from example.com over HTTPS might look like:
"content_security_policy": "script-src 'self' https://example.com; object-src 'self'"
So in your case, the manifest.json should contain:
{ "name": "My Extension", "manifest_version": 2, "background":{ "scripts": [...] }, "content_security_policy": "script-src 'self' https://example.com; object-src 'self'", } Did you allow it in your manifest JSON file. Something like this:
manifest.json
{ "name": "My Extension", "content_scripts": [{ "js": ["jquery.min.js", "YourJavaScriptFile.js"], "matches": ["http://*/*", "https://*/*"] }] } There are required fields I left out, but just giving the basic idea.
32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
